Top 10 Stories

Attackers at US bank JP Morgan Chase were able to access the network for at least two months before being discovered.   According to Infosecurity, unnamed sources inside the investigation that spoke to the New York Times said that hackers were able to gain a high level of system privileges on more than 90 servers. The attack began sometime in June and went through August.   Federal authorities believe that the perpetrators, who are likely part of a Russian cyber-gang, were...

A man has been arrested on suspicion of masterminding a £1.6m cyber raid on cash machines.   A 37-year-old man is being questioned in Portsmouth for allegedly being part of an "organised gang" that loaded malware in to the dispensers in Brighton, London, Liverpool, Blackpool, Doncaster and Sheffield.   Police alleged that the cash machines were physically broken into and infected with a virus, before large amounts of cash were withdrawn. It is thought 51...

Microsoft has published a temporary fix for the zero-day flaw which is currently being exploited via PowerPoint.   The flaw affects all Windows releases except Windows Server 2003, and can be exploited if a user is coaxed into opening a malicious Office file containing an OLE (object linking and embedding) object.   The fix, which Microsoft calls the ”OLE packager shim workaround,” is for 32- and 64-bit versions of PowerPoint 2007, 2010 and 2013.   VIEW FULL...

US officials are investigating about two dozen suspected examples of medical equipment vulnerable to hack attacks, potentially putting patients' lives at risk.   The products include heart implants and drug infusion pumps, after investigators found that flaws in the kit could be used to cause heart attacks and drug overdoses.   While there are no known examples of deaths having happened this way, the Department of Homeland Security said its fears were justified as it...

Many WYSIWYG online editors proved to be vulnerable to cross-site scripting (XSS) attacks.   With many sites allowing you to make forum posts, publish blog entries, post private messages, update wiki entries, submit support tickets, create signatures or leave comments, many websites could be vulnerable.   Some of the websites examined by security researcher Ashar Javed  relied upon third-party editor libraries and could potentially be being used on millions of other websites. All it would take...

Belgacom has said that it was hit by a suspected APT attack which, according to leaked documents from NSA whistle-blower Edward Snowden and published by German newspaper Der Spiegel, was the work of the NSA and UK's own GCHQ.   Called project ‘Operation Socialist', the leaked slides revealed how the attack was used to target Belgacom subsidiary Bics, a joint venture between Swisscom and South Africa's MTN. The agencies allegedly used an attack method called ‘quantum...

17 attacks greater than 100 Gbps were mitigated in Q3, with the largest attack measured at 321 Gbps.   According to Akamai, brute force approaches characterised the most significant campaigns in Q3 as attackers shifted towards new attack methods and enhanced older attack methods to consume more bandwidth.   These record‑setting DDoS attack campaigns marked an 80 per cent increase in average peak bandwidth in Q3 compared to the previous quarter and a four-fold increase...

The National Crime Agency (NCA) is on the lookout for new recruits to its cyber crime division for its National Cyber Crime Unit (NCCU).   The NCCU, which focuses on serious and organised hi-tech crime, is in need of new officers with a range of skills including software development, network engineering, digital forensics and online investigation. It said that mny of these roles are open to applicants irrespective of their professional background.   According to Infosecurity, many of...

With the rise of smart cities comes the concerns about the economic realities of aging infrastructures, outdated transportation modes, and insufficient affordable housing, as well as cyber concerns.   Microsoft introduced its Model National Cybersecurity Strategy last year to help Governments make the complex challenge of cyber security easier to manage from a public policy perspective, and has launched a new whitepaper,“Developing a City Strategy for Cybersecurity”,recognising that cities are facing similar challenges to creating a unified approach...

A new variant of the Android malware Koler now spreads by text message and holds infected users’ phones hostage until a ransom is paid.   According to a detection by AdaptiveMobile, the worm emerged on October 19th, and the attack is occurring worldwide, but the majority of the infected phones are in the United States. This new version of Koler works by sending an SMS message with a bitly link stating that an account with...